Analysis

  • max time kernel
    141s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20241023-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    22-12-2024 03:43

General

  • Target

    JaffaCakes118_df4ec7386684763d9bc227db6eca49623eae8ac7c77bb914c133d00f28bf3cef.dll

  • Size

    490KB

  • MD5

    7e68b8435ee3b4841fe527e474d14aa8

  • SHA1

    3503a471155526b856cbc993f4742bb6acdcab8f

  • SHA256

    df4ec7386684763d9bc227db6eca49623eae8ac7c77bb914c133d00f28bf3cef

  • SHA512

    bc31ecd6f33cdd1f717723e2f2d4eec921af13a422ea7df82a09ff31856b7be5d1d7488b958c2e7824429fc124734f1c99cc380ec1985870b72a5d94c7cd6283

  • SSDEEP

    12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRT:knmj6xK1y3Ik6TZGRT

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Icedid family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_df4ec7386684763d9bc227db6eca49623eae8ac7c77bb914c133d00f28bf3cef.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:3068
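The only process recorded is regsvr32 registering the sample from the user's Temp directory; the /s switch suppresses the registration dialogs, and registering the DLL causes its DllRegisterServer export to run, which is what hands control to the IcedID code. The snippet below is an added example (not part of the report or of the sandbox's own tooling) that parses regsvr32 command lines and flags registrations of DLLs sitting in user-writable directories. The list of user-writable directories and the sample command lines are constructed for the example; the first sample is the invocation shown above.

```python
"""Flag regsvr32 invocations that register a DLL from a user-writable
location (example code, not part of the original report)."""
import re
from dataclasses import dataclass
from typing import Optional

# Directories an unprivileged user can write to (assumed list for this example).
# A DLL registered from one of these is far more suspicious than one from
# Program Files or System32.
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
)


@dataclass
class Regsvr32Event:
    dll_path: str
    silent: bool        # /s: no registration dialog boxes
    unregister: bool    # /u: DllUnregisterServer instead of DllRegisterServer
    from_user_dir: bool


def parse_regsvr32(cmdline: str) -> Optional[Regsvr32Event]:
    """Return a Regsvr32Event for a regsvr32 command line, or None when the
    command line is not a regsvr32 invocation carrying a DLL argument."""
    # Split on whitespace but keep quoted paths (which may contain spaces) intact.
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    if not tokens:
        return None
    image = tokens[0].strip('"').lower()
    if image not in ("regsvr32", "regsvr32.exe") and not image.endswith("\\regsvr32.exe"):
        return None
    flags = {t.lower() for t in tokens[1:] if t.startswith(("/", "-"))}
    args = [t.strip('"') for t in tokens[1:] if not t.startswith(("/", "-"))]
    if not args:
        return None
    dll_path = args[-1]              # the DLL is the last positional argument
    path_l = dll_path.lower()
    return Regsvr32Event(
        dll_path=dll_path,
        silent="/s" in flags or "-s" in flags,
        unregister="/u" in flags or "-u" in flags,
        from_user_dir=any(d in path_l for d in USER_WRITABLE_DIRS),
    )


# Constructed sample command lines; the first is the one recorded in the report.
SAMPLE_CMDLINES = [
    r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_df4ec7386684763d9bc227db6eca49623eae8ac7c77bb914c133d00f28bf3cef.dll",
    r'"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\Vendor\plugin.dll"',
    r"C:\Windows\System32\notepad.exe C:\Users\Admin\notes.txt",
]


def triage(cmdlines):
    """Return the DLL paths that regsvr32 registered from user-writable directories."""
    hits = []
    for cmd in cmdlines:
        event = parse_regsvr32(cmd)
        if event is not None and event.from_user_dir:
            hits.append(event.dll_path)
    return hits


if __name__ == "__main__":
    for path in triage(SAMPLE_CMDLINES):
        print("suspicious regsvr32 registration:", path)
```

The check keys on the DLL's location rather than on the regsvr32 image itself, since regsvr32 is a signed system binary that legitimate installers also invoke; path-based triage is what separates this sample's invocation from a benign plugin registration.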

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3068-0-0x0000000001D00000-0x0000000001D0E000-memory.dmp

    Filesize

    56KB

  • memory/3068-1-0x0000000001D00000-0x0000000001D0E000-memory.dmp

    Filesize

    56KB
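The two dump names above encode the same region of PID 3068 at two snapshot indices; the address range 0x1D00000-0x1D0E000 is 0xE000 bytes, which is exactly the 56KB the report lists. The following added example (not part of the report or of the sandbox) decodes that naming convention, which is inferred from the two entries shown and assumed for the example, and checks each dump's range against its stated size and for page alignment before the dumps are loaded into a debugger or disassembler.

```python
"""Decode sandbox memory-dump artifact names and check the encoded address
range against the stated file size (example code, not part of the report)."""
import re
from dataclasses import dataclass

# Assumed naming convention, inferred from the two entries on the page:
#   memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
PAGE = 0x1000


@dataclass(frozen=True)
class MemoryDump:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def page_aligned(self) -> bool:
        # Regions carved from the process address space should start and end
        # on 4KB page boundaries; anything else suggests a truncated dump.
        return self.start % PAGE == 0 and self.size % PAGE == 0


def parse_dump_name(name: str) -> MemoryDump:
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a memory dump artifact name: {name!r}")
    dump = MemoryDump(int(m["pid"]), int(m["idx"]),
                      int(m["start"], 16), int(m["end"], 16))
    if dump.end <= dump.start:
        raise ValueError(f"empty or inverted address range in {name!r}")
    return dump


def parse_size(text: str) -> int:
    """Convert a report size string such as '56KB' or '490KB' to bytes (1KB = 1024)."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([KMG]?)B\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    multiplier = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}[m.group(2).upper()]
    return int(float(m.group(1)) * multiplier)


def size_matches(dump: MemoryDump, stated: str) -> bool:
    """True when the encoded region length rounds to the stated size in whole KB."""
    return round(dump.size / 1024) == round(parse_size(stated) / 1024)


# The two artifacts listed in the report, paired with their stated sizes.
REPORT_DUMPS = [
    ("memory/3068-0-0x0000000001D00000-0x0000000001D0E000-memory.dmp", "56KB"),
    ("memory/3068-1-0x0000000001D00000-0x0000000001D0E000-memory.dmp", "56KB"),
]


def check_report(entries):
    """Return (pid, index, size_in_bytes, size_ok, page_aligned) for each entry."""
    results = []
    for name, stated in entries:
        d = parse_dump_name(name)
        results.append((d.pid, d.index, d.size, size_matches(d, stated), d.page_aligned))
    return results


if __name__ == "__main__":
    for row in check_report(REPORT_DUMPS):
        print("pid=%d idx=%d size=0x%X size_ok=%s page_aligned=%s" % row)
```

Because both dumps cover the identical range, differences between them are timing differences in the same allocation (index 0 taken earlier than index 1), which is the pair to diff when looking for unpacked or decrypted content rather than two separate regions.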